No information found in this category
Scan Summary:
| Severity | Listening service | Vulnerabilities |
|---|---|---|
| | http (port:80) | 79 vulnerabilities found: |
| | http (port:443) | 79 vulnerabilities found: |
| | zeus-admin (port:9090) | |
Scan Summary:
| Impact | Description | Documentation |
|---|---|---|
| | Content Security Policy (CSP) header not implemented | Content Security Policy documentation. The github.com/april/laboratory extension can generate the CSP for your application. |
| | HTTP Strict Transport Security (HSTS) header not implemented | Strict-Transport-Security (HSTS) header documentation. |
| | X-Frame-Options (XFO) header not implemented | X-Frame-Options header documentation. |
| | X-XSS-Protection header not implemented | X-XSS-Protection header documentation. |
| | X-Content-Type-Options header not implemented | X-Content-Type-Options header documentation. |
Scan Summary:
Grade capped to A. HSTS is not offered
Grade capped to B. TLS 1.0 offered
Grade capped to B. TLS 1.1 offered
Expiration: 04/07/2024
| Risk/Confidence | Name |
|---|---|
| | PII Disclosure |
| | Content Security Policy (CSP) Header Not Set |
| | Sub Resource Integrity Attribute Missing |
| | Missing Anti-clickjacking Header |
| | Source Code Disclosure - PHP |
| | Absence of Anti-CSRF Tokens |
| | Server Leaks Version Information via "Server" HTTP Response Header Field |
| | Strict-Transport-Security Header Not Set |
| | Cookie without SameSite Attribute |
| | Cross-Domain JavaScript Source File Inclusion |
| | Permissions Policy Header Not Set |
| | X-Content-Type-Options Header Missing |
| | Dangerous JS Functions |
| | Timestamp Disclosure - Unix |
| | Sec-Fetch-Dest Header is Missing |
| | Sec-Fetch-Mode Header is Missing |
| | Sec-Fetch-Site Header is Missing |
| | Sec-Fetch-User Header is Missing |
| | Base64 Disclosure |
| | Modern Web Application |
| | Non-Storable Content |
| | Session Management Response Identified |
| | Storable and Cacheable Content |
| | Information Disclosure - Suspicious Comments |
| | Re-examine Cache-control Directives |
| | User Controllable HTML Element Attribute (Potential XSS) |
| Severity | Name | Matcher |
|---|---|---|
| | CAA Record | caa-fingerprint |
| | DNS SaaS Service Detection | dns-saas-service-detection |
| | Allowed Options Method | options-method |
| | HttpOnly Cookie - Detect | httponly-cookie-detect |
| | Metatag CMS Detection | metatag-cms |
| | HTTP Missing Security Headers | referrer-policy |
| | HTTP Missing Security Headers | clear-site-data |
| | HTTP Missing Security Headers | cross-origin-embedder-policy |
| | HTTP Missing Security Headers | content-security-policy |
| | HTTP Missing Security Headers | permissions-policy |
| | HTTP Missing Security Headers | x-frame-options |
| | HTTP Missing Security Headers | x-content-type-options |
| | HTTP Missing Security Headers | x-permitted-cross-domain-policies |
| | HTTP Missing Security Headers | cross-origin-opener-policy |
| | HTTP Missing Security Headers | cross-origin-resource-policy |
| | HTTP Missing Security Headers | strict-transport-security |
| | HTTP Missing Security Headers | strict-transport-security |
| | HTTP Missing Security Headers | content-security-policy |
| | HTTP Missing Security Headers | permissions-policy |
| | HTTP Missing Security Headers | x-frame-options |
| | HTTP Missing Security Headers | x-content-type-options |
| | HTTP Missing Security Headers | x-permitted-cross-domain-policies |
| | HTTP Missing Security Headers | referrer-policy |
| | HTTP Missing Security Headers | clear-site-data |
| | HTTP Missing Security Headers | cross-origin-embedder-policy |
| | HTTP Missing Security Headers | cross-origin-opener-policy |
| | HTTP Missing Security Headers | cross-origin-resource-policy |
| | security.txt File | security-txt |
| | Apache Tomcat Example Scripts - Detect | tomcat-scripts |
| | Apache Tomcat Example Scripts - Detect | tomcat-scripts |
| | Apache Tomcat Example Scripts - Detect | tomcat-scripts |
| | WAF Detection | apachegeneric |
| | Detect SSL Certificate Issuer | ssl-issuer |
| | SSL DNS Names | ssl-dns-names |
| | Wildcard TLS Certificate | wildcard-tls |
| | TLS Version - Detect | tls-version |
| | Deprecated TLS Detection (TLS 1.1 or SSLv3) | deprecated-tls |
| | TLS Version - Detect | tls-version |
| | Deprecated TLS Detection (TLS 1.1 or SSLv3) | deprecated-tls |
| | TLS Version - Detect | tls-version |
| | TLS Version - Detect | tls-version |
| | Weak Cipher Suites Detection | tls-1.0 |
| | Weak Cipher Suites Detection | tls-1.1 |
No information found in this category
